Under California state law, health care providers and laboratories are required to submit confidential information about many communicable and a few non-communicable health conditions to public health agencies to enable disease prevention activities. The California Department of Public Health (CDPH), California Reportable Disease Information Exchange (CalREDIE) is the system used for this disease reporting. And when they had a breach, the CDPH disclosed it and posted it on their website:
On January 15, 2014, a healthcare provider accessed the CalREDIE health care provider system to create a report. Due to a system error the health care provider received access to information within the system that the provider was not authorized to view, which included limited information about you.
The information was limited to your name and possible diagnosis of a reportable disease, and did not contain any other medical or personal information, such as a Social Security number, Driver’s License number, or financial account numbers which could expose you to identity theft. Nonetheless, we felt it necessary to inform you since your personal information was involved. We do not believe your personal information was viewed by or further disclosed to any other unauthorized person.